Common Criteria

Common Criteria is an internationally recognized set of guidelines for information technology security products. It provides assurance to buyers that the process of specification, implementation and evaluation for any certified computer security product was conducted in a thorough and standard manner.

Corsec helps determine the best path to Common Criteria certification given your product’s unique market drivers, competitive landscape and primary goals.

Common Criteria Certification Process

CONTACT CORSEC for information on Common Criteria and other certifications for your product.

Common Criteria Overview

Twenty-five countries have signed the Common Criteria Recognition Agreement (CCRA), making the certification an unparalleled measure of security for the international commerce of IT products. Common Criteria certification is not only required for access to U.S. and international government markets, but it can also serve as a competitive differentiator when marketing to non-government clients in other industries such as finance, critical infrastructure and health care.

Corsec offers solutions to help clients better understand how and what certifications are right for each product.

Common Criteria Requirements

Common Criteria allows organizations to sell their products to the U.S. Federal Government and international governments. It can also serve as a competitive differentiator when marketing to non-government clients in other industries.

Are you focusing on these markets?

Common Criteria, FIPS 140-2, UC APL - U.S. Government
Common Criteria, FIPS 140-2, UC APL - Financial Services
Common Criteria, FIPS 140-2, UC APL - Health care
Common Criteria, FIPS 140-2, UC APL - Critical Infrastructure
Common Criteria, FIPS 140-2, UC APL - Global Government
Common Criteria, FIPS 140-2, UC APL - Internet of Things (IoT)

CCRA member requirements for Common Criteria

Common Criteria Common Questions

There are three important considerations when contemplating Common Criteria certification:

How long does a Common Criteria certification take?

A typical validation effort will take anywhere from twelve to sixteen months from start to finish. There are three major phases to a Common Criteria certification.

Phase 1: Design and Documentation

The amount of time to properly design and document a product varies greatly, depending upon the nature of the changes required and the maturity level of the product being evaluated. However, this phase of the process is the one that product vendors have the most control over. Many products require only small changes to meet Common Criteria requirements and some product manufacturers are able to integrate the design and documentation phase into a regular product release cycle. Assuming ideal circumstances, Corsec recommends planning for approximately four to six months for this effort.

Phase 2: Laboratory Testing

The amount of time that laboratory testing of an individual product takes directly correlates with how well the product was designed and documented. A product that properly meets the requirements and is delivered to the testing laboratory with all required documentation written correctly can move through testing in two to three months. There is no maximum time it can take for a product to successfully complete testing. Corsec recommends ensuring your product meets all requirements prior to entering the testing phase for Common Criteria.

Phase 3: Scheme Review

Once the testing laboratory completes its testing of a product, a report is submitted to the certifying Scheme for review. The time this review takes varies and can range from two weeks to two months. Additional time may also be required if problems with the product are discovered during the review.


How much does a Common Criteria Certification cost?

Common Criteria certification costs vary greatly, depending upon the complexity of the product and the level of certification sought. Additionally, poor planning and failure to properly execute a plan have resulted in some staggering sums being spent on certification efforts. Calculating how much a certification will cost is one of the most important activities when planning an evaluation effort.


How do I get Common Criteria Certified?

In order to begin a certification, there are a number of decisions that need to be made. However, none of these decisions can be made until you understand the following:

ROI
Cost
Product Changes
Certification Options
Timing
Customer Requirements
New Business Areas
Competitive Analysis


Corsec offers a comprehensive set of services to help you answer all of these questions and plan a successful path to Common Criteria certification. Schedule an assessment for your organization to determine the best options going forward.



Call Corsec +1 703 267 6050